From 1e2446a8b39989f4d025ae3587792c327f430ce2 Mon Sep 17 00:00:00 2001
From: Wei Zhou <weizhou@apache.org>
Date: Fri, 11 Aug 2023 12:39:00 +0200
Subject: [PATCH] CKS: check access when get kubernetescluster config

---
 .../cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java  | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java
index 0c07268b82f2..f0fa335d22c3 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java
@@ -1285,6 +1285,8 @@ public KubernetesClusterConfigResponse getKubernetesClusterConfig(GetKubernetesC
         if (kubernetesCluster == null) {
             throw new InvalidParameterValueException("Invalid Kubernetes cluster ID specified");
         }
+        Account caller = CallContext.current().getCallingAccount();
+        accountManager.checkAccess(caller, SecurityChecker.AccessType.OperateEntry, false, kubernetesCluster);
         KubernetesClusterConfigResponse response = new KubernetesClusterConfigResponse();
         response.setId(kubernetesCluster.getUuid());
         response.setName(kubernetesCluster.getName());